Handling sensitive information safely and securely

As a people manager, you will be required to handle sensitive information about your team members, including absence and performance details. This information may include records of both formal and informal discussions and may be held electronically and/or on paper.

To ensure this information is handled appropriately, please follow these rules.

Do:

  • ensure that all information is held securely and that non-authorised individuals cannot access it
  • review the information you hold on a regular basis and consider whether it is adequate, relevant and fit for purpose. Where the information does not meet these criteria, destroy it securely
  • transfer the relevant hard copy and electronic documents to a team member's new manager when the team member transfers to a new team/department
  • delete your own copies of electronic documents after you have supplied copies to the team member's new manager
  • regularly review Outlook and delete any emails that contain personal information, such as performance appraisal forms, sick prints, or conversations about special leave requests. Remember to check your sent and deleted items
  • ensure that employee information is appropriately marked as 'protect: staff' or 'protect: medical' as required by the protective marking scheme rules
  • ensure that formal records are passed to HR for inclusion in the employee's personnel file. This would include invitations to attendance review meetings (ARMs) and letters confirming outcomes of formal meetings

Don't:

  • hold files for longer than necessary. Do you need the information to manage the employee's current situation, i.e. absence/performance/conduct? Remember that HR hold formal records on file if you need to access this information again in the future
  • leave personal information about team members, such as absence, performance or conduct records, unattended on desks or in unlocked cupboards – always ensure it is kept in a secure location